6 matches found
CVE-2025-1412
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412 vulnerabilities
Vulnerabilities for packages: mattermost...
CVE-2025-1412
creationtimestamp| type| source ---|---|--- 2025-02-24 10:26:09+00:00| seen| https://t.me/cvedetector/18790 2025-02-24 10:47:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3liw6d5ggxx2l...
CVE-2025-1412 Session Persistence After User-to-Bot Conversion
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...
CVE-2025-1412
CVE-2025-1412 affects Mattermost Server 9.11.x (up to 9.11.6) and 10.4.x (up to 10.4.1). The issue: when converting a user to a bot, active sessions are not invalidated, enabling the converted user to escalate privileges depending on the bot’s granted permissions. Documented impact: potential pri...
CVE-2025-1412 Session Persistence After User-to-Bot Conversion
Mattermost versions 9.11.x = 9.11.6, 10.4.x = 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on the permissions granted to the bot...